Are You Kidding Me?

Tuesday, October 27, 2015

I am exhausted by all the petty infighting. I am tired of
the partisan politics. Just knock it off already. It’s nothing but wrangling between the political
parties. Everyone gets it. It’s so painfully clear. Poor Hillary in another
overly politicized inquisition to just tear away at her flesh and storied
career.

Our republic is great. For me it is the greatest country
that has ever existed. There are some other really good ones, but America is
the “cat’s meow.” Loathe to be insensitive with my last idiomatic expression, I
don’t want to offend cat owners or dog lovers or people who like leashes--well
you get the idea.

America is great in part because it has advanced a unique form
of government with built-in checks and balances, among many other institutional
protections. What that means is that one branch of government can’t push around
another branch. After all, we evolved out of a polity where the king or queen
held sway and the Constitutional Framers decided the monarchy wouldn’t work here.That means that Congress can’t make war by
itself and when the President can’t get his ideas passed through Congress, he
can’t circumvent the process with some king-like Executive Order to frustrate the
process, for example (the Iran Nuclear deal advanced through Executive Order
notwithstanding).

Another unique feature of our democracy is governmental
transparency. We get to see what our elected officials do or not do. They are
supposed to memorialize their actions in the government record for posterity
and transparency sake. Thereafter our laws, like Freedom of Information, ensure
that we have an optic into governmental activities, assuming it isn’t
classified. Because we don’t want just anyone seeing our classified
information.

Another really great thing about America is our advancement
of individual freedoms embodied in the Bill of Rights, among other places. But it seems like sometimes when our great American
values collide, we have to have a predictable way to advance the most important
values of our great land. The right to
do whatever you want, whenever you want is not likely going to win especially
when it’s the government at issue.

So if you are a government worker and you don’t like having
a government email, too bad so sad. All employees can’t do what they want at
work, including the US Government employees.Or if you don’t like the government provided IT staff, technology
choices or functionality provided to get your job done, you can’t just find a cheapo
cloud provider and use their free IT email and storage services for your
government work because, come on, that would undermine the whole accountability/transparency
thing that made our great nation great. But Hillary Clinton is different. She is the
boss. So when she tells the entire State Department to refrain from using
personal email for government work, she was talking to everyone but herself.
And when she complains about managing the complexity of multiple communications
devices, then she should be able to get rid of her government email all
together, right? Come on, she’s the boss and should be able to use a private
server located in her basement to manage US foreign affairs for all other
nations because it’s just way easier for her. And if she wants to manage state secrets
through an IT provider in Colorado located in a strip mall, then she should be
allowed to, because, come on, she’s the Queen Bee. Come on, this is America,
“Land of the Home and Free of the Brave.”Freedom rules. But we do not have kings and queens and that’s the really
great part of our great land.

I sure wish they would stop busting Clinton’s chops over the
information she sent or received via email. Even if it was classified it wasn’t
marked classified so not one of the bad guys would have bothered to hack her
account and read such boring stuff. (Yes, I heard the “rumor” that several
foreign governments tried to hack her server, but who knows if it’s really true.)

And then there is the personal vs. government issue—you
don’t think her aids know the difference between a wedding invitation
discussion and an explanation of security threat in Libya and the likelihood of
a major terror attack on our diplomatic presence there?Why not let Clinton decide when she will turn
over records in accordance with the Federal Records Act, because after all, transparency
can happen sometime in the future—maybe after she is elected queen.And don’t you think the Secretary of State is
the best person at the State Department to know what is classified or top- secret and
how to protect it. For that matter, I bet she knows best how to secure data, and
between her Colorado IT shop in the mall and the NSA or Department of State
security personnel, I am sure she had it all locked down and buttoned up. “Hey,
can I get some help over here working my fax machine.” And why bother with the National
Archives and Records Administration to decide what is a government record worth
keeping when Hillary will give us what she hasn’t destroyed when she decides it’s
time.

It’s an election year and that is all this is—partisan
politics. I hate the sabre rattling about the silly email security stuff.

On the other hand, if she wasn’t running for President of
the United States and her former boss wasn’t the king, I wonder if Hillary
would be prosecuted for her mishandling of sensitive government information
the way others have been. Thank goodness for transparency and accountability.I see myself as an Independent. I am not
anti-Hillary. But this is not about Clinton or the Republican’s trying to make
hay from the Benghazi tragedy. For me, it’s about making a record. I am for
ensuring America’s greatness by keeping a complete record and making it open to
the citizens. I am also for protecting government secrets. I am also for
applying a little reasonableness to the discussion. If what Hillary did doesn’t
bother you a little, perhaps you are too colored by Fall foliage or the election
season. Just saying.

Wednesday, December 10, 2014

“The hack and
subsequent posting…illustrate the risks large companies like Sony take by
amassing years of digital records on employees and customers on machines
connected to the Internet. Much of the data analyzed…was stored in Microsoft
Excel files without password protection.” Wall
Street Journal December 5, 2014

After the hundredth major information hack, you start to
become immune or may be underwhelmed by the magnitude. “So what if another 47,000
personal identities got swiped.” “So
they know the personal info of Sylvester Stallone, no big deal.”

What can we learn from our world where there is more
information than ever before, that is more
connected than ever before and as a result more vulnerable to information theft
than ever before?

So here are a few truisms about the hacking reality in these
times:

1.Security
breaches will happen no matter how much effort is made to ensure they
don’t.

2.Information
matters. That is why criminal groups, across the globe seek to steal as
much information as possible. Its business.

3.More businesses are being more proactive as
reputations hinge upon it. Information
security has become central to fiscal health. Just ask Target how impactful
a serious hack can be.

4.We will become more immune to “hacking” stories, which is, in some ways good and in
some ways bad.

a.Good, because we are not worried that the sky is
failing and organizations can focus on the real business of knowing where its data
resides and can lock it down better.

b.Bad, because ignoring the huge impact that some of
these hacks create maybe portend lethargy or helplessness.

5.Security
is a process not a project. It is a
marathon, not a sprint. It is an
organizational activity that requires vigilance and persistence over time. Getting lazy means more bad results. From a corporate governance perspective, it
is like any activity that is important enough to bake into the business processes.

6.Smart
organizations continually augment the ways they manage privacy, information
security, corporate trade secrets and IP.
That is because technology changes. Actions taken by criminals change.
And the problem evolves, so your response needs to continually evolve to meet
the new challenge.

7.Smart
organizations take action for two reasons—one, to mitigate the risk and
address the harm, and two, to insulate the company from the harm caused by the
attacks that get through. In other words, the good things your organization
does to prevent a hack, may be used to support your company and mitigate the
downside if and when your information crowned jewels are hacked.

And that brings me to Information Nation- Seven Keys to
Information Management Complianceand the importance of a process to better management which serves both
purposes described in paragraph 7.
Compliance methodology can save your company and act as insurance or
insulation. This is why, “A corporation can act through natural
persons, and it is therefore held responsible for the acts of such persons…on
the other hand in certain circumstances, it may not be appropriate to impose
liability upon a corporation, particularly one with a compliance program…

U.S. Dept. of Justice”

Here are a few simple rules to help guide you:

a.Vigilance comes from having a process, so build it
or augment the existing process.

b.Information Management Compliance is our
compliance methodology that we built on the Federal Sentencing Guidelines which
is the basis for most US compliance programs. Compliance methodology
demonstrates what good corporate citizens do and can act to mitigate harm or
insulate all together.

c.Good corporations need to protect their
reputation now more than ever by having working security programs.

d.Combining a compliance methodology with security
initiatives is something to seriously consider. That way your security program can
better confront the hacking your organization most assuredly will be confronted
with, as well as mitigate the damage if and when something slips through the
cracks

e.Finally, getting your company better buttoned up
and protected begins with knowing where your information lives, knowing who has
access to it and coding and securing it according to its value.

The
Sony hack is another wake up call. Even though, I am not sure if Sony could
have stopped the intrusion no matter what security it had in place given the complexity
of the hacking. But I am sure we will have many governmental organizations
seeking to answer that question. One
thing I am sure of already, is that when personal information or company secrets
are amassed and not locked down, they will get exposed. It’s just a matter of
how often and how much impact it will have. When PII of Hollywood figures is replicated
numerous times in the data pool, perhaps without business justification,
someone should be asking why so many
instances of the same information and why are they not locked down? Did Sony
do anything to mitigate information security risks by keeping as little as
possible for as short as possible and properly locking it up? These questions too will be addressed in due
time, which most assuredly will have further impact on Sony. But for today, purposeful vigilance with a plan is the
rallying cry. Know your information,
know where it resides and lock it down. Your existence may depend on it.

Thursday, December 4, 2014

I got a late start this year. So yesterday I sent a box
request to Steel Hill, our off-site storage vendor, to get my box of holiday
paraphernalia. I celebrate Christmas, I mean Hanukah, I mean Kwanza, I
mean Unique Snowflake Fest. Anyway, I wanted to get my box so I can adorn my
office. And that got me thinking that if everyone in my company did what I do,
we would be spending loads of unnecessary dough on storing crud. And that got
me thinking about how much money we could save getting rid of crud. And that
got me thinking about what crud really is? And well, that got me thinking that
I forgot to wish you a happy holidays. But let me come back to that in a
minute.

Shockingly, this past year we were engaged many times to
deal with cleaning up the boxes of crud at off-site storage vendors for big
company clients. That is significant for a few reasons. One, because
companies now understand keeping unneeded information carries with it real
costs. Two, even boxes of paper have become the target to save money (given that
most info costs are related to electronic stuff). Three, we have been in a
nearly all-electronic business world for years now, so dealing with paper now
seems odd. Four, companies seemingly forgot about the boxes, but hopefully now are
getting reacquainted as they get their annual bill and are asking why store
crud? Five, getting rid of boxes of paper carries with it a cost which may be
higher than the annual cost to keep the boxes and that reality may impact clean-up
efforts.

Oh, Happy Holidays-whatever it is that you celebrate. Be
safe, healthy and live joyously.

And all that holiday sweet talk got me thinking about New
Years. And that got me thinking about chicken wings. Don’t ask. And that got me
thinking about New Year’s resolutions, which by the way I’m generally not a fan
of. But as the old adage goes, “do as I say, not as I do”. So please take
to heart my sincere request to: Save a Tree; Go Green; Live Simply; and Create
a smaller carbon footprint. Help your company clean up its crud this year. Take
on the personal drives, email system, or even the boxes of curd ready for
disposition. Tis the season to “Rightsize Your Information
Footprint”. And that means get rid of your crud. And that got me
thinking about chicken wings. And that got me thinking about what cute sweater
I was going to wear to the Unique Snowflake Fest party this weekend. And
because my sweater is red, that got me thinking about the Wisconsin Badgers
beating Ohio State this weekend. Jump Around!

Friday, November 21, 2014

Years ago, email burst onto the business scene to become the
premier business productivity tool used at work. Not surprising, the post
office immediately started to witness the precipitous decline in the number of
first class business letters being sent. Revenue from first-class mail in 2000
was $91 Billion, and according to the US GAO it’s projected to be $39 Billion
in 2020. Email was a game changer for which the post office didn’t have an
immediate answer. The United States Post Office (USPO) tried staying open later
and also tried selling non-mail related products. The USPO even allowed
customized stamps to be printed at home. But in the end, the only way the USPO
was going to replace the revenue lost due in large part to email use, which
replaced the first class letter was with truly transformative change. In fact, maybe there wasn’t really a viable
answer. But whatever was tried was incremental in nature and insufficient to
stem the bleeding that was catastrophic to the letter mailing business.

Steal this Song

Some kid had the bright idea that he could build an online
network for people to share music for free, over the internet (otherwise known
as Napster). Wonderful idea, unless of course you are the artists who created
the music or the music companies that sell it. In either case, both the artist
and music company will be directly and substantially impacted. The music industry was ill prepared for this
transformational change and started to flail immediately trying to seize
control of the problem. Whether you embrace change or fight it when confronted
with transformational changes will in part dictate your future. But we will
come back to that in a minute.

First the Recording Industry Association (RIA) sued the creators
of the various music sharing environments. Then the RIA sued select “borrowers”
of the online “free” music to send a message to the rest of the snot nosed
kids. This approach didn’t address the
heart of the issue and instead made the industry look like bullies. While they
were trying to stop transformational change with ineffective incremental baby
steps, the winners, the ones building transformational solutions, were creating
new ways to build value and business around a new reality-- that music could
flow fast and freely across the web.

For Apple, which figured out how to deliver and sell the
music, they have been handsomely rewarded. Many artists now sell their music
one song at a time through the Apple music ecosystem or elsewhere or even sell
it directly to listeners from their own websites. For companies like Sony and
their famed (tape-based) Walkman, the story of their decline is well documented
and painful to revisit.

The Changing Information
Landscape

But this is not an article about business transformation
generally. Rather, it’s an article about how global business is going to deal
with an information landscape that is rapidly evolving and morphing in
unpredictable ways. It’s about companies being overwhelmed by a tsunami of data
routinely negatively impacting IT frameworks, storage networks, servers and
employees. It’s also about more opposing laws and rules that can’t be applied
or followed at the document or file level. It’s about big data demanding more
information to crawl through while the corporate privacy officer is pushing for
the company to keep less information to reduce overall risk.

If, in another world, information grew at 2 or 3% per year,
then maybe employees could manage privacy, protect company trade secrets and
handle the task of records management. But most organizations’ information
footprints are growing at 25-50% per year, and that is not the only challenge
they face. More company information exists outside the company firewall (or in
unmanaged repositories) than ever before, making control and access a new
costly complexity. There has been a proliferation of new laws and regulations
dictating how organizations deal with litigation response, manage company IP,
lock down personally identifiable information (PII) or personal health
information (PHI), or classify records.

Dealing with the Perfect
Information Storm

How does a company deal with this “Perfect Information
Storm” where massive volume meets massive management complexities, which
collides with burgeoning laws, all of which can result in existential
consequences from mismanagement?

Every day Bob goes to work and like the day before, does
exactly what he has done every other day. The products that are created look
and function exactly like the ones produced yesterday, most likely boring for
Bob, but predictable for the company and the factory in which Bob works. That
is because the process by which the products were created was a process meant
to predictably create the widget the same way, day in and day out (think Henry
Ford). Behind the factory processes is the concept that building a good and
repeatable manufacturing process in turn ensures that the widget or whatever is
built predictably good enough, every time. The whole idea is that once the
factory itself is built well there is no need to rethink the manufacturing
process every time another widget is made. If I focus on making each widget by
hand when I need to make scads of them, then I am committing to a process that
is wrong for the task. On the other hand, if I wanted to craft a fine painting,
the factory-based manufacturing process is not right for the task.

One Man’s Record is
another Man’s Junk

Contrary to popular belief, information is not so unique
that it requires the master artisan’s touch to manage it properly. Even if that were true, and it’s not, that is
simply no longer doable as we have too much information volume and it continues
to grow. Even more importantly, if you asked 10 employees their opinion on the
business value of a document, they would likely have several different CORRECT
ways to manage or classify it. It’s
something like - one man’s record is another man’s junk. Or better stated, everyone, no matter how much
training they have, evaluates information differently. Not all the time, but a
lot. That is because where you sit in an organization, your individual
educational background, risk tolerance, understanding of the content, etc. all
impact how you evaluate whether or not it’s a record, if its private, if it’s a
trade secret, etc.

Compliance with laws won’t get any easier, the places data
is parked won’t get fewer, and volume of information won’t get less
voluminous. Each one of those statements
is game changing yet folks still wear their incremental (paper-based)
information management hat limping along trying to solve a transformative
problem with the wrong set of tools - Much like trying to eat an ocean sized
pot of soup with a spoon.
Transformational change needs transformation solutions, not incremental
ones.

So what to do?

Build an Information Management Factory. You need to solve the problem from the top
down. Looking at the individual file when there are hundreds of millions or
billions of them can’t possibly work, in other words think reproducible. Think
massive. Think through-put. Think practical. Think transformational.

Can or should a company even contemplate managing hundreds
of millions of files with rules built for a time when there were no computers
and a few dozen paper record types? The information management space is trying
to solve a transformational change issue with wimpy incremental ideas whose
days were numbered decades ago. Get a clue and get on the transformation bus.
Employees couldn’t manage company records 10 years ago when the company
information footprint was 1/100th its current size (or less). The key take-away
- Rethink and rework everything.

10 Things You Must do Now
to get Information Management Right?

1. Throw out old thinking, old policies, old
ideas and tired information workers.

2. Hire a new IM factory “Owner.”

3. Build a multi-disciplinary IM Factory
team.

4. Develop the factory build out strategy
and agenda for the next 3 years.

5. Build an IM Factory.

6. Simplify rules so that all rules can be
applied without much or any employee intervention.

7. Use automation and applications to do the
“heavy lifting.”

8. Make certain environments “non-records”
locations so that all content goes away after a couple of years no matter what.

9. Develop rules for every new information
source upfront so end of life is predictable and contemplated.

10. Apply simpler rules to all environments with
a specific focus on storage hogs.

Don’t forget to buy some
robots. Robots are good for everything.

Whether you embrace change or fight it, when confronted with
today’s information realities, what is clear is that the problem isn’t getting
any easier to solve. What is equally as clear is that you and your colleagues
have not been very successful at solving it either. The reason is clear, minor
incremental changes won’t solve the information management problem any more
than a spoon can be used to serve up the ocean.

When faced with an exponential information growth problem,
responding with incremental fixes won’t address the real issue. In other words,
managing information in the current environment is unlike anything ever before
as there is so much more content in so many more places which the company
doesn’t have control over. It’s time for a whole new way to manage information.
It is time for information management professionals to take the lead in guiding
the factory in managing information.
Employees can’t and shouldn’t be expected to manage stuff anymore, they
are bad at it, they don’t have time for it, and there is too much of it to
meaningfully attack the issue. Instead,
build an information factory, automate as much as possible, and manage whole
environments as one. Time changes and you need to revisit and rework your
thinking about what works on a regular basis.

I heard a funny joke:

“How many Canadian post office employees does it take to
deliver a letter?” Answer—“None as they are phasing out of home delivery
because they are bleeding money”.
Ka-Boom.

Epilogue

Kahn Consulting has spent the last few years building IM
factories. It’s both doable and needed. If we can do it, so can you. Get busy.

Thursday, October 30, 2014

Com·pe·ti·tion: the act or process of trying to get or
win something (such as a prize or a higher level of success) that someone else
is also trying to get or win: the act or process of competing (Merriam Webster)

Steven Wright mused that “you
can't have everything, where would you put it?” But there are many in the IT
world that think otherwise. Larger companies this year will grow their
Information Footprint by 25-50% on average, which is about how much their data
store grew last year and the year before that. Smart business people believe
this path of keeping all their information is a good thing. Some even go
farther, believing that all their information is essential to effectively use
analytics technology (referred to as Big Data) to connect the dots to solve
business problems. That is because not only does Big Data crave, well, big
data, but also because answers to important business questions may dwell within
the deep recesses of unstructured data piles that may seem unimportant to the
casual or even the sophisticated observer. In other words, within all sorts of
Information Parking Lots dwell all sorts of valuable information nuggets that
only technology can harness. Getting rid of any information is tantamount to
ridding the company of a competitive advantage that comes from harvesting the
business answers.

The Information Competition
Becomes a Conflict

But there is a whole different
group of smart business folks that look at Big Data as a big risk and
liability. Sure there may be value in finding the needle in the massive
information haystack, but at what costs? These people seemingly take the exact
opposite position, that more is not merrier and that at some point information
which is “valueless” must be disposed. Defensible Disposition or “Rightsizing
Your Information Footprint” is needed for risk reduction and reducing costs.
The more information the company retains, the greater the likelihood that
personal customer data may be compromised or someone will successfully hack our
corporate information Crowned Jewels. Or the more information the larger the
e-discovery headache. Or keeping everything forever undermines the records
management program. Indeed, Privacy Officers generally think the right answer
is for companies to keep less information for shorter periods of time. While
Big Daters think about keeping more information longer periods of time.
Core to Records Management is that records go away at the end of its period of
retention no matter what, unless it’s needed as evidence in a lawsuit of
investigation. More ill managed IP means more risk of losing company
trade secrets.

And the “information use” battle
waging is not limited to companies trying to predict the colors customers will
want next season based on past buying habits. In an October 16, 2014 Wall
Street Journal Story, entitled “FBI Chief Warns Against Phone Encryption,” it
makes clear that the conflict over who gets to decide how information is
managed is a real life and death situation pitting privacy advocates against
the government. While government uses Big Data tools to crawl and unearth
terrorists, privacy advocates and some phone companies want phone data
encrypted. Similarly in an article entitled, “Privacy in the Internet of Things
era: Will the NSA know what’s in your fridge,” Wojtek Borowicz, points out that
“we’ve already entered the Internet of Things: a world where everything is
connected, with billions of devices storing and exchanging data about each
other and about their users – i.e. us. As it matures, it’s going to be hugely
convenient, not only to the average Joe, whose smart home will always remember
to lock the door and switch the lights off, but also to huge organizations.
However, one of the main concerns associated with it is the security of IoT
platforms and devices. But it’s not only preventing hackers from accessing
these systems we should be discussing: What about privacy, government
surveillance and the creepy vision of Big Brother hiding in my smart
fridge?” http://thenextweb.com/dd/2014/10/18/privacy-internet-things-era-will-nsa-know-whats-fridge/

So Who Wins and Who Loses in
This Conflict?

We find ourselves in an
information Olympics where the best of the best of every information use and
misuse is congregating to duke it out, though they may not even know it. The
Big Data team is trying to tie together disparate chunks of information to
answer business questions, while the storage guy screams, “No Mas”. I
think the business people win. I think Big Data wins where it adds value. But
that said, I believe that maybe making the seemingly divergent interests of
information use can be accommodated. Either way, we will see soon enough. But
for now, conflict or competition, information is being used for different purposes
by different sides of the company and this new reality needs management
attention ASAP.

Thursday, June 12, 2014

I am not sure I have any good way to say what I am about to
say. And in fact, I am so trepidatious that I have to couch my commentary in
verbiage subterfuge. I am not spineless, but just don’t want to create a bunch
of enemies with my cohort. So here goes. I am certain you will get my point
even if I hide the true identities of the offending parties to protect the
innocent and/or guilty.

Assume for a moment that an international information
association, decided that the industry and more specifically companies needed a
way to assess if they had a mature information management program. So the
organization got a bunch of their folks together to develop criteria by which
they should evaluate if their program was good enough to pass muster. And let’s
say after much talking and thinking they settled on an information management
Maturity Model and related criteria.

Recently, a client of ours had us look at their
self-assessment of their information management program using one such Maturity
Model Best Practice self-assessment tool. (The client is now considering having
us perform a new Gap Assessment). It is one of my favorite clients and
it’s a great company that does so much right. So when I reviewed their self-assessment,
I was stupefied. They used the information management’s organizations Maturity
Model criteria and concluded they were seriously substandard. I totally
disagreed with most of the conclusions of the assessment. I am not going to lay
out why I think the various criteria are flawed in total, but let me give you
an example to make my point. One of the criteria by which this company
evaluated itself according to the self-assessment was information “integrity”.
Based upon how the assessment MADE the client answer the questions, they got a
flunking grade. I told my client given what I knew about their business
processes and IT framework, that on the information integrity scale I would
give them a Rhodes Scholar type grade—at least an “A”. SO why such a
disconnect?

I get the whole thing about “one man’s hot is another man’s
cold” but this is not about perception. It is about the criteria and maturing
the process and still utterly failing even if what you have done is at least
good enough. From my humble perspective, the evaluative criteria are
aspirational, not functionally helpful, impracticable and may sell your company
unfairly down the river. BOOM! I believe it sets up companies to fail that
use the self-assessment, on criteria that are not really central to success.
Every organization would be flagging miserably if put under the assessment’s
microscope. And that’s just not the way it should be.

Which bring me to the PG&E San Bruno disaster and how
industry “best practices” evaluations can be helpful at fixing failings and can
also provide the basis for regulators to whack companies for failing to
properly manage records, among other things. The tragedy was horrible. The loss
of life and property is unthinkable. And the company may have had records management
failings. But look close enough at any company and most organizations fail
miserably. See the report at the following link. http://www.cpuc.ca.gov/NR/rdonlyres/23513DF5-28CB-425B-BAE4-0151981F0779/0/CPSD_Recordkeeping_OII_Report_Final.PDF

There are lots of information management industry standards,
best practices, evaluations from all sorts of organizations. There is some
terrific guidance and there are some downright damaging unattainable “best
practices”. I’m sure all comes into being with great intentions. But massaged,
manipulated and maneuvered by lawyers and a good company begins to smell
dirty.

We developed a methodology called “Information Management
Compliance” for evaluating the “goodness” of your Information Governance
Program which has been used by so many companies. I borrowed the criteria
from the Federal Sentencing Guidelines, which help judges evaluate what is good
corporate behavior. I figured if the court will evaluate your company by the
criteria, that you should build your program according to the criteria. (This
is also the topic of “Information Nation-Seven Keys to Information Management
Compliance”, See also http://www.arma.org/bookstore/files/Kahn.pdf.

Look close enough at any company’s information management
practices and you will find flaws. Lawyers are in the business of exploiting
flaws. I don’t need to give them material to work with that isn’t even real. So
companies, evaluate carefully, document thoughtfully and pick criteria by which
you evaluate circumspectly. Just saying.